Dynadot

alert Epik Had A Major Breach

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
@Derek Peterson heya derek not taking sides here since i don't know the backstory or the history you guys have but the screenshots you provided show no proof of threat or am i missing something ?
 
0
•••
@Derek Peterson heya derek not taking sides here since i don't know the backstory or the history you guys have but the screenshots you provided show no proof of threat or am i missing something ?

Rob was claiming that he "owned" and "controlled" a VPN service and was promising everyone total privacy and security but it was in fact a white label he was reselling for which he NO control over at all.
 
2
•••
4
•••
It sure would be suspicious if one of EPIK's owners was a LIBERAL civil rights guy whose family is fighting against the male patriarchy and racists. Imagine if an owner of EPIK was married to [redacted], who is the daughter or [redacted]. Well now, that would sure be suspicious.

https://web.archive.org/web/20190511074513/https://www.epik.com/about/directors/

Edited by moderator: removed the names of someone's family members. Internal ref: /c/3239481/
 
Last edited by a moderator:
0
•••
Which starts with domainers with thousands of domains (some familiar admin contacts are revealed) and ends with endusers managing 1 domain (many simply purchased a markerplace listing?). For an outside reader, they are all "far right and nazi supportes" now, aren't they? Taking in account the context...
I am surprised at how few domains you need, to be inside their top 50 clients. I had expected a lot more Epik domainers to have over 1,000 domains.
 
2
•••
I was just thinking about what happens if a domain registrar goes out of business, I’ve never known it in my 6 years investing in domains, so I am curious what happens if Epik go out of business (I have no reason to believe they are).

What happens to people’s assets within that company? Would they have to give customers a certain amount of time transfer out? What would happen to customers’ assets if they don’t transfer out upon closure?
 
Last edited:
2
•••
In case of their termination by ICANN - all domains will be moved to another accredited registrar automatically, except ccTLDs.
And that's all.
 
Last edited:
11
•••
I was just thinking about what happens if a domain registrar goes out of business, I’ve never known it in my 6 years investing in domains, so I am curious what happens if Epik go out of business (I have no reason to believe they are).

What happens to people’s assets within that company? Would they have to give customers a certain amount of time transfer out? What would happen to customers’ assets if they don’t transfer out upon closure?

It has happened in the past. Registrars have gone out of business and been de-accredited by ICANN.
The domains will be transferred to another registrar.

However, that only covers the domains themselves.

If you have others assets in a company, for instance in Epik's case Masterbucks, that is not going to be covered by ICANN. It is probably not likely to be covered by anyone.

If a business was to fold you normally end up in the line with others creditors; usually near the back of the line.

Brad
 
Last edited:
6
•••
I was just thinking about what happens if a domain registrar goes out of business, I’ve never known it in my 6 years investing in domains, so I am curious what happens if Epik go out of business (I have no reason to believe they are).

What happens to people’s assets within that company? Would they have to give customers a certain amount of time transfer out? What would happen to customers’ assets if they don’t transfer out upon closure?

I can't see that happening in this case.

I was using Registerfly when they imploded in 2007.

ICANN took a while to act, but eventually domains were provided a Server-Delete-Prohibited status as many were expiring and could not be renewed at Registerfly.

GD took over the portfolio and customers. The transfers were done automatically and organised by ICANN if I remember correctly.
https://en.wikipedia.org/wiki/RegisterFly

EDITED.
 
Last edited:
4
•••
In case of their termination by ICANN - all domains will be moved to another accredited registrar automatically, except ccTLDs.
And that's all.

When Epik became an accredited registrar didn't they have to pass certain tests and evaluations as far as their security protocols go and if they passed and got their accreditation then ICANN might consider Epik to be more of a victim than a villain as far as them getting hacked now (just saying).

IMO
 
Last edited:
0
•••
1
•••
When Epik became an accredited registrar didn't they have to pass certain tests and evaluations as far as their security protocols go and if they passed and got their accreditation then ICANN might consider Epik to be more of a victim than a villain as far as them getting hacked now (just saying).

IMO

I am not really sure how much vetting ICANN does as far as that goes, especially on an ongoing basis after accreditation.

ICANN has terminated the accreditation of several registrars for a variety of reasons, but it is usually for blatant violation of policies. There certainly could be some in this case, but really we are in uncharted waters with the size and scope of this data breach when it comes to a registrar. Nothing has ever come close to this.

I expect something to come from ICANN at some point, but who knows what it will be. They are usually extremely slow to act on anything.

Brad
 
Last edited:
3
•••
In case of their termination by ICANN - all domains will be moved to another accredited registrar automatically, except ccTLDs.
And that's all.

If that 'automatically' happens, Epik are known for allowing domains that no other domain registrar will touch, I'm curious how 'automatically' will work then.
 
Last edited:
1
•••
I expect something to come from ICANN at some point, but who knows what it will be. They are usually extremely slow to act on anything.

Perhaps ICANN can start by reevaluating all the security protocols across the board at all the Registrars and Registries.

The fact that Epik has gotten hacked has made certain flaws in their system to come to everyone's attention, but who's to say that the same flaws (or even worse) don't exist at other registrars.

This could become a learning experience for the Industry as a whole to patch up all the security holes.

And while they are at it ICANN should also make sure that everyone's business practices are fair and above board.

IMO
 
Last edited:
2
•••
Last edited:
4
•••
ICANN might consider Epik to be more of a victim than a villain

It doesn't work this way. The interests of the registrants are paramount.
 
Last edited:
3
•••
It doesn't work this way. The interests of the registrants are paramount.

So then lets reform the whole Industry to make sure that the interests of the registrants are protected across the board when it comes to security and certain unfair business practices by the Registrars and Registries that ICANN has been closing its eyes on thus far.

IMO
 
0
•••
Formally, all the termination reasons are included into the Accreditation Agreement. If Epik complies - they should not be terminated. Most notably, they should pay what they owe to ICANN, provide operational whois, etc.

Less formally, should ICANN decide to terminate a registrar - they will. As simply as this. There were 2 cases I remember. One case - estdomains. As per the Agreement, Registrar may be terminated if it "is disciplined by the government of its domicile for conduct involving dishonesty or misuse of funds of others". Even though this or something similar happened with their CEO(?) as a natural person, and even though estdomains provided paperwork showing that the CEO leaved the company, their accreditation was still terminated.

Another case - I do not remember an exact name, it was an Indian registrar which, as ICANN suggested, was a safe heaven for TM domains. ICANN found a "smart" scheme involving Indian courts, so that lost UDRPs were never practically applied. Even though said registrar was still in formal compliance with the Agreement - ICANN terminated them.

Registrar Accreditation Agreement:

https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en
 
Last edited:
5
•••
0
•••
lets reform

I see you mention this in every thread. For this, you have to attend ICANN meetings and start from there. Wish you good luck (y)
 
Last edited:
7
•••
I see you mention this in every thread. For this, you have to attend ICANN meetings and start from there. Wish you good luck (y)

I am guided by Logic and Compassion as that is at the core of my philosophy (or religion if you want to call it that).

Logic says that we should use this occasion to fix all the security flaws and unfair and improper business practices across the board and Compassion says that we should seek to Reform rather than to Destroy.

IMO
 
Last edited:
0
•••
I'm 100% sure, that ICANN wasn't aware of plain text or MD5 on Epik, they couldn't even imagine it.
 
2
•••
I'm 100% sure, that ICANN wasn't aware of plain text or MD5 on Epik, they couldn't even imagine it.

The current (2013) Registrar Accreditation Agreement has this paragraph. I'm not sure if Epik with its IANA Registrar ID falls under this "2013" agreement, but proactively informing ICANN in the event of such a major breach can never be wrong, I presume.

3.20 Notice of Bankruptcy, Convictions and Security Breaches. Registrar will give ICANN notice within seven (7) days of (i) the commencement of any of the proceedings referenced in Section 5.5.8. (ii) the occurrence of any of the matters specified in Section 5.5.2 or Section 5.5.3 or (iii) any unauthorized access to or disclosure of registrant account information or registration data. The notice required pursuant to Subsection (iii) shall include a detailed description of the type of unauthorized access, how it occurred, the number of registrants affected, and any action taken by Registrar in response.

https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en
 
Last edited:
7
•••
When Epik became an accredited registrar didn't they have to pass certain tests and evaluations as far as their security protocols go and if they passed and got their accreditation then ICANN might consider Epik to be more of a victim than a villain as far as them getting hacked now (just saying).

IMO
There is a whole set of evaluations and conditions that have to be met before a business can become an ICANN registrar. Technically, Epik is a victim in this situation as are its customers and those affected by the WHOIS scraping. As long as Epik was conforming to ICANN policies and paying fees, then there was no problem with its accreditation. ICANN does take action against rogue registrars. The first step is usually a breach notice. After negotiations, it may be escalated to a termination with the gTLDs being shifted in bulk to other registrars.

With ccTLDs, it may be more complex. If Epik is an accredited registrar in the ccTLD, then there would be a transfer procedure if it lost its accreditation. Some of the ccTLD domain names on Epik may have been registered through ccTLD registrars or registration as a service operators like Tucows.The talk about Epik losing its ICANN accreditation is a bit premature.

Regards...jmcc
 
7
•••
4
•••
Back